JS changes and fixes
parent
b1d0776ad1
commit
15853df84c
File diff suppressed because one or more lines are too long
|
@ -44,6 +44,7 @@ endif;
|
|||
<script src="/js/bootstrap-switch.min.js"></script>
|
||||
<script src="/js/bootstrap-slider.min.js"></script>
|
||||
<script src="/js/bootstrap-select.min.js"></script>
|
||||
<script src="/js/notifications.min.js"></script>
|
||||
<script src="/js/u2f-api.js"></script>
|
||||
<script>
|
||||
// Select language and reopen active URL without POST
|
||||
|
@ -53,14 +54,12 @@ function setLang(sel) {
|
|||
}
|
||||
|
||||
$(document).ready(function() {
|
||||
function mailcow_alert_box(type, message) {
|
||||
$('.mailcow-alert-box').show();
|
||||
$('.mailcow-alert-box').addClass("alert-" + type);
|
||||
$('#mailcow-alert-text').text(message);
|
||||
function mailcow_alert_box(message, type) {
|
||||
$.notify({message: message},{type: type,placement: {from: "bottom",align: "right"},animate: {enter: 'animated fadeInUp',exit: 'animated fadeOutDown'}});
|
||||
}
|
||||
// PHP error handler
|
||||
|
||||
|
||||
<?php if (isset($_SESSION['return'])): ?>
|
||||
mailcow_alert_box("<?=$_SESSION['return']['msg'];?>", "<?=$_SESSION['return']['type'];?>");
|
||||
<?php endif; unset($_SESSION['return']); ?>
|
||||
// Confirm TFA modal
|
||||
<?php if (isset($_SESSION['pending_tfa_method'])):?>
|
||||
$('#ConfirmTFAModal').modal({
|
||||
|
@ -226,30 +225,9 @@ $(document).ready(function() {
|
|||
}
|
||||
});
|
||||
});
|
||||
|
||||
if ($('#mailcow-alert').hasClass('alert-success')) {
|
||||
$('#mailcow-alert').delay(5000).animate({right: '-50%'}, 1000);
|
||||
};
|
||||
});
|
||||
</script>
|
||||
|
||||
<div class="container">
|
||||
<div id="mailcow-alert" class="alert" role="alert">
|
||||
<span id="mailcow-alert-text"></span>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body>
|
||||
<?php // Notifications ?>
|
||||
<script>
|
||||
function mailcow_alert_box(msg, type) {
|
||||
document.getElementById('mailcow-alert').style.display = 'visible';
|
||||
document.getElementById('mailcow-alert-text').innerHTML = msg;
|
||||
document.getElementById("mailcow-alert").className = "alert alert-" + type;
|
||||
}
|
||||
<?php if (isset($_SESSION['return'])): ?>
|
||||
mailcow_alert_box("<?=$_SESSION['return']['msg'];?>", "<?=$_SESSION['return']['type'];?>");
|
||||
<?php endif; unset($_SESSION['return']); ?>
|
||||
</script>
|
||||
</html>
|
||||
<?php $stmt = null; $pdo = null; ?>
|
||||
|
|
|
@ -457,10 +457,6 @@ function get_time_limited_aliases($username = null) {
|
|||
$data = array();
|
||||
if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -687,19 +683,11 @@ function get_policy_list($object = null) {
|
|||
if (!filter_var($object, FILTER_VALIDATE_EMAIL) && is_valid_domain_name($object)) {
|
||||
$object = idn_to_ascii(strtolower(trim($object)));
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
elseif (filter_var($object, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $object)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -885,10 +873,6 @@ function get_syncjobs($username = null) {
|
|||
$data = array();
|
||||
if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -916,17 +900,9 @@ function get_syncjob_details($id) {
|
|||
$syncjobdetails = array();
|
||||
if ($_SESSION['mailcow_cc_role'] != "user" &&
|
||||
$_SESSION['mailcow_cc_role'] != "admin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!is_numeric($id)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
|
@ -1301,10 +1277,6 @@ function get_tls_policy($username = null) {
|
|||
$data = array();
|
||||
if (isset($username) && filter_var($username, FILTER_VALIDATE_EMAIL)) {
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $username)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -1687,26 +1659,14 @@ function get_domain_admin_details($domain_admin) {
|
|||
global $lang;
|
||||
$domainadmindata = array();
|
||||
if (isset($domain_admin) && $_SESSION['mailcow_cc_role'] != "admin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
if (!isset($domain_admin) && $_SESSION['mailcow_cc_role'] != "domainadmin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
(!isset($domain_admin)) ? $domain_admin = $_SESSION['mailcow_cc_username'] : null;
|
||||
|
||||
if (!ctype_alnum(str_replace(array('_', '.', '-'), '', $domain_admin))) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['username_invalid'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
|
@ -2351,10 +2311,6 @@ function get_admin_details() {
|
|||
global $lang;
|
||||
$data = array();
|
||||
if ($_SESSION['mailcow_cc_role'] != 'admin') {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
|
@ -2469,26 +2425,23 @@ function dkim_add_key($postarray) {
|
|||
}
|
||||
}
|
||||
function dkim_get_key_details($domain) {
|
||||
$data = array();
|
||||
global $redis;
|
||||
if (hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
return false;
|
||||
}
|
||||
$data = array();
|
||||
if ($redis_dkim_key_data = $redis->hGet('DKIM_PUB_KEYS', $domain)) {
|
||||
$data['pubkey'] = $redis_dkim_key_data;
|
||||
$data['length'] = (strlen($data['pubkey']) < 391) ? 1024 : 2048;
|
||||
$data['dkim_txt'] = 'v=DKIM1;k=rsa;t=s;s=email;p=' . $redis_dkim_key_data;
|
||||
$data['dkim_selector'] = $redis->hGet('DKIM_SELECTORS', $domain);
|
||||
}
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
function dkim_get_blind_keys() {
|
||||
global $redis;
|
||||
global $lang;
|
||||
if ($_SESSION['mailcow_cc_role'] != "admin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$domains = array();
|
||||
|
@ -4044,10 +3997,6 @@ function mailbox_get_mailboxes($domain = null) {
|
|||
global $pdo;
|
||||
$mailboxes = array();
|
||||
if (isset($domain) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
elseif (isset($domain) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
|
@ -4096,10 +4045,6 @@ function mailbox_get_resources($domain = null) {
|
|||
global $pdo;
|
||||
$resources = array();
|
||||
if (isset($domain) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
elseif (isset($domain) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
|
@ -4151,10 +4096,6 @@ function mailbox_get_alias_domains($domain = null) {
|
|||
global $pdo;
|
||||
$aliasdomains = array();
|
||||
if (isset($domain) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
elseif (isset($domain) && hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
|
@ -4203,10 +4144,6 @@ function mailbox_get_aliases($domain) {
|
|||
global $pdo;
|
||||
$aliases = array();
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -4268,10 +4205,6 @@ function mailbox_get_alias_details($address) {
|
|||
$aliasdata['created'] = $row['created'];
|
||||
$aliasdata['modified'] = $row['modified'];
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdata['domain'])) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
@ -4317,10 +4250,6 @@ function mailbox_get_alias_domain_details($aliasdomain) {
|
|||
return false;
|
||||
}
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $aliasdomaindata['target_domain'])) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
return $aliasdomaindata;
|
||||
|
@ -4331,9 +4260,11 @@ function mailbox_get_domains() {
|
|||
// Domain does not need to be active
|
||||
global $lang;
|
||||
global $pdo;
|
||||
|
||||
try {
|
||||
$domains = array();
|
||||
if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
$stmt = $pdo->prepare("SELECT `domain` FROM `domain`
|
||||
WHERE (`domain` IN (
|
||||
SELECT `domain` from `domain_admins`
|
||||
|
@ -4367,10 +4298,6 @@ function mailbox_get_domain_details($domain) {
|
|||
$domain = idn_to_ascii(strtolower(trim($domain)));
|
||||
|
||||
if (!hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $domain)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -4461,10 +4388,6 @@ function mailbox_get_mailbox_details($mailbox) {
|
|||
global $lang;
|
||||
global $pdo;
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $mailbox)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$mailboxdata = array();
|
||||
|
@ -4538,10 +4461,6 @@ function mailbox_get_resource_details($resource) {
|
|||
global $pdo;
|
||||
$resourcedata = array();
|
||||
if (!hasMailboxObjectAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $resource)) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
try {
|
||||
|
@ -4579,10 +4498,6 @@ function mailbox_get_resource_details($resource) {
|
|||
}
|
||||
if (!isset($resourcedata['domain']) ||
|
||||
(isset($resourcedata['domain']) && !hasDomainAccess($_SESSION['mailcow_cc_username'], $_SESSION['mailcow_cc_role'], $resourcedata['domain']))) {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -5047,10 +4962,6 @@ function mailbox_get_sender_acl_handles($mailbox) {
|
|||
global $pdo;
|
||||
global $lang;
|
||||
if ($_SESSION['mailcow_cc_role'] != "admin" && $_SESSION['mailcow_cc_role'] != "domainadmin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -5184,9 +5095,6 @@ function get_forwarding_host_details($host) {
|
|||
if (!isset($host) || empty($host)) {
|
||||
return false;
|
||||
}
|
||||
if (filter_var($host, FILTER_VALIDATE_IP)) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
if ($source = $redis->hGet('WHITELISTED_FWD_HOST', $host)) {
|
||||
$data['host'] = $host;
|
||||
|
@ -5301,10 +5209,6 @@ function get_logs($container, $lines = 100) {
|
|||
global $lang;
|
||||
global $redis;
|
||||
if ($_SESSION['mailcow_cc_role'] != "admin") {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => sprintf($lang['danger']['access_denied'])
|
||||
);
|
||||
return false;
|
||||
}
|
||||
$lines = intval($lines);
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
<link rel="stylesheet" href="/css/footable.bootstrap.min.css">
|
||||
<link rel="stylesheet" href="/inc/languages.min.css">
|
||||
<link rel="stylesheet" href="/css/mailcow.css">
|
||||
<link rel="stylesheet" href="/css/animate.min.css">
|
||||
<?=(preg_match("/mailbox.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/mailbox.css">' : null;?>
|
||||
<?=(preg_match("/admin.php/i", $_SERVER['REQUEST_URI'])) ? '<link rel="stylesheet" href="/css/admin.css">' : null;?>
|
||||
<link rel="shortcut icon" href="/favicon.png" type="image/png">
|
||||
|
|
|
@ -16,6 +16,18 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/lib/vendor/autoload.php';
|
|||
$u2f = new u2flib_server\U2F('https://' . $_SERVER['HTTP_HOST']);
|
||||
$tfa = new RobThree\Auth\TwoFactorAuth('mailcow UI');
|
||||
|
||||
// OWASP CSRF Protector
|
||||
$csrfProtector = new csrfProtector;
|
||||
class mailcowCsrfProtector extends csrfprotector {
|
||||
public static function logCSRFattack() {
|
||||
$_SESSION['return'] = array(
|
||||
'type' => 'danger',
|
||||
'msg' => 'CSRF violation'
|
||||
);
|
||||
}
|
||||
}
|
||||
mailcowCsrfProtector::init();
|
||||
|
||||
// Redis
|
||||
$redis = new Redis();
|
||||
$redis->connect('redis-mailcow', 6379);
|
||||
|
|
|
@ -48,8 +48,8 @@ $(document).ready(function() {
|
|||
jsonp: false,
|
||||
complete: function (data) {
|
||||
// var reponse = (JSON.parse(data.responseText));
|
||||
// alert(reponse.type);
|
||||
// alert(reponse.msg);
|
||||
// console.log(reponse.type);
|
||||
// console.log(reponse.msg);
|
||||
location.assign(window.location);
|
||||
}
|
||||
});
|
||||
|
@ -133,8 +133,8 @@ jQuery(function($){
|
|||
dataType: 'json',
|
||||
url: '/api/v1/get/domain/all',
|
||||
jsonp: false,
|
||||
error: function () {
|
||||
alert('Cannot draw domain table');
|
||||
error: function (data) {
|
||||
console.log('Cannot draw domain table');
|
||||
},
|
||||
success: function (data) {
|
||||
$.each(data, function (i, item) {
|
||||
|
@ -201,7 +201,7 @@ jQuery(function($){
|
|||
url: '/api/v1/get/mailbox/all',
|
||||
jsonp: false,
|
||||
error: function () {
|
||||
alert('Cannot draw mailbox table');
|
||||
console.log('Cannot draw mailbox table');
|
||||
},
|
||||
success: function (data) {
|
||||
$.each(data, function (i, item) {
|
||||
|
@ -260,7 +260,7 @@ jQuery(function($){
|
|||
url: '/api/v1/get/resource/all',
|
||||
jsonp: false,
|
||||
error: function () {
|
||||
alert('Cannot draw resource table');
|
||||
console.log('Cannot draw resource table');
|
||||
},
|
||||
success: function (data) {
|
||||
$.each(data, function (i, item) {
|
||||
|
@ -304,7 +304,7 @@ jQuery(function($){
|
|||
url: '/api/v1/get/alias/all',
|
||||
jsonp: false,
|
||||
error: function () {
|
||||
alert('Cannot draw alias table');
|
||||
console.log('Cannot draw alias table');
|
||||
},
|
||||
success: function (data) {
|
||||
$.each(data, function (i, item) {
|
||||
|
@ -353,7 +353,7 @@ jQuery(function($){
|
|||
url: '/api/v1/get/alias-domain/all',
|
||||
jsonp: false,
|
||||
error: function () {
|
||||
alert('Cannot draw alias domain table');
|
||||
console.log('Cannot draw alias domain table');
|
||||
},
|
||||
success: function (data) {
|
||||
$.each(data, function (i, item) {
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -93,7 +93,7 @@ $_SESSION['return_to'] = $_SERVER['REQUEST_URI'];
|
|||
<h3 class="panel-title"><?=$lang['mailbox']['resources'];?></h3>
|
||||
</div>
|
||||
<div class="table-responsive">
|
||||
<table id="resources_table" class="table table-striped"></table>
|
||||
<table id="resource_table" class="table table-striped"></table>
|
||||
</div>
|
||||
<div class="mass-actions-mailbox">
|
||||
<div class="btn-group">
|
||||
|
|
Loading…
Reference in New Issue